From 8fc48f2d4398fce0fe345da6e5e0587006459c1c Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 21 Feb 2018 15:56:51 -0800 Subject: add event resource_id to iconfig so Diaspora can search on it without looking inside JSON objects. --- include/event.php | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'include') diff --git a/include/event.php b/include/event.php index c1cf59425..1077a3c64 100644 --- a/include/event.php +++ b/include/event.php @@ -1200,6 +1200,13 @@ function event_store_item($arr, $event) { )); } + // propagate the event resource_id so that posts containing it are easily searchable in downstream copies + // of the item which have not stored the actual event. Required for Diaspora event federation as Diaspora + // event_participation messages refer to the event resource_id as a parent, while out own event attendance + // activities refer to the item message_id as the parent. + + set_iconfig($item_arr, 'system','event_id',$event['event_hash'],true); + $res = item_store($item_arr); $item_id = $res['item_id']; -- cgit v1.2.3 From fef3155e6ac04dcbc5b414b8dbc252267282dd47 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 21 Feb 2018 16:41:33 -0800 Subject: cleanup the recent crypto code modifications. We need this stuff to be readable. --- include/crypto.php | 51 +++++++++++++++++++++++++++++++-------------------- 1 file changed, 31 insertions(+), 20 deletions(-) (limited to 'include') diff --git a/include/crypto.php b/include/crypto.php index ab33ba096..1040ac29b 100644 --- a/include/crypto.php +++ b/include/crypto.php @@ -119,21 +119,27 @@ function crypto_encapsulate($data,$pubkey,$alg='aes256cbc') { } function other_encapsulate($data,$pubkey,$alg) { + if(! $pubkey) logger('no key. data: ' . $data); - $oaep = false; + // This default will change in the future. For now make it backward compatible. - if(strpos($alg,'.oaep')) { - $oaep = true; - $subalg = substr($alg,0,-5); - } - else { - $subalg = $alg; + $padding = OPENSSL_PKCS1_PADDING; + $base = $alg; + + $exts = explode('.',$alg); + if(count($exts) > 1) { + switch($exts[1]) { + case 'oaep': + $padding = OPENSSL_PKCS1_OAEP_PADDING; + break; + } + $base = $exts[0]; } - $fn = strtoupper($subalg) . '_encrypt'; + $fn = strtoupper($base) . '_encrypt'; if(function_exists($fn)) { // A bit hesitant to use openssl_random_pseudo_bytes() as we know @@ -151,14 +157,14 @@ function other_encapsulate($data,$pubkey,$alg) { $iv = openssl_random_pseudo_bytes(256); $result['data'] = base64url_encode($fn($data,$key,$iv),true); // log the offending call so we can track it down - if(! openssl_public_encrypt($key,$k,$pubkey,(($oaep) ? OPENSSL_PKCS1_OAEP_PADDING : OPENSSL_PKCS1_PADDING))) { + if(! openssl_public_encrypt($key,$k,$pubkey,$padding)) { $x = debug_backtrace(); logger('RSA failed. ' . print_r($x[0],true)); } $result['alg'] = $alg; $result['key'] = base64url_encode($k,true); - openssl_public_encrypt($iv,$i,$pubkey,(($oaep) ? OPENSSL_PKCS1_OAEP_PADDING : OPENSSL_PKCS1_PADDING)); + openssl_public_encrypt($iv,$i,$pubkey,$padding); $result['iv'] = base64url_encode($i,true); return $result; } @@ -229,20 +235,25 @@ function crypto_unencapsulate($data,$prvkey) { function other_unencapsulate($data,$prvkey,$alg) { - $oaep = false; + // This default will change in the future. For now make it backward compatible. - if(strpos($alg,'.oaep')) { - $oaep = true; - $subalg = substr($alg,0,-5); - } - else { - $subalg = $alg; + $padding = OPENSSL_PKCS1_PADDING; + $base = $alg; + + $exts = explode('.',$alg); + if(count($exts) > 1) { + switch($exts[1]) { + case 'oaep': + $padding = OPENSSL_PKCS1_OAEP_PADDING; + break; + } + $base = $exts[0]; } - $fn = strtoupper($subalg) . '_decrypt'; + $fn = strtoupper($base) . '_decrypt'; if(function_exists($fn)) { - openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey,(($oaep) ? OPENSSL_PKCS1_OAEP_PADDING : OPENSSL_PKCS1_PADDING)); - openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey,(($oaep) ? OPENSSL_PKCS1_OAEP_PADDING : OPENSSL_PKCS1_PADDING)); + openssl_private_decrypt(base64url_decode($data['key']),$k,$prvkey,$padding); + openssl_private_decrypt(base64url_decode($data['iv']),$i,$prvkey,$padding); return $fn(base64url_decode($data['data']),$k,$i); } else { -- cgit v1.2.3 From 2d69b419ff9a0b2186d9479447f75f37b9102fa6 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 21 Feb 2018 20:59:30 -0800 Subject: move Zotlabs\Zot\Verify to Zotlabs\Lib\Verify as part of the z6 re-org --- include/zid.php | 4 ++-- include/zot.php | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'include') diff --git a/include/zid.php b/include/zid.php index b3a7d1e6a..67c1d9f6c 100644 --- a/include/zid.php +++ b/include/zid.php @@ -265,9 +265,9 @@ function red_zrlify_img_callback($matches) { */ function owt_init($token) { - \Zotlabs\Zot\Verify::purge('owt', '3 MINUTE'); + \Zotlabs\Lib\Verify::purge('owt', '3 MINUTE'); - $ob_hash = \Zotlabs\Zot\Verify::get_meta('owt', 0, $token); + $ob_hash = \Zotlabs\Lib\Verify::get_meta('owt', 0, $token); if($ob_hash === false) { return; diff --git a/include/zot.php b/include/zot.php index d28e584a1..7ecd77c82 100644 --- a/include/zot.php +++ b/include/zot.php @@ -4913,7 +4913,7 @@ function zot_reply_auth_check($data,$encrypted_packet) { * the web server. We should probably convert this to webserver time rather than DB time so * that the different clocks won't affect it and allow us to keep the time short. */ - Zotlabs\Zot\Verify::purge('auth', '30 MINUTE'); + Zotlabs\Lib\Verify::purge('auth', '30 MINUTE'); $y = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1", dbesc($sender_hash) @@ -4954,7 +4954,7 @@ function zot_reply_auth_check($data,$encrypted_packet) { // This additionally checks for forged sites since we already stored the expected result in meta // and we've already verified that this is them via zot_gethub() and that their key signed our token - $z = Zotlabs\Zot\Verify::match('auth',$c[0]['channel_id'],$data['secret'],$data['sender']['url']); + $z = Zotlabs\Lib\Verify::match('auth',$c[0]['channel_id'],$data['secret'],$data['sender']['url']); if (! $z) { logger('mod_zot: auth_check: verification key not found.'); $ret['message'] .= 'verification key not found' . EOL; -- cgit v1.2.3 From 56d1c083174aacd019176cd79236d84f52604dd8 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 21 Feb 2018 21:18:54 -0800 Subject: move dreport from zot to lib --- include/zot.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index 7ecd77c82..0cfc370a2 100644 --- a/include/zot.php +++ b/include/zot.php @@ -1728,7 +1728,7 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $ foreach($deliveries as $d) { $local_public = $public; - $DR = new Zotlabs\Zot\DReport(z_root(),$sender['hash'],$d['hash'],$arr['mid']); + $DR = new Zotlabs\Lib\DReport(z_root(),$sender['hash'],$d['hash'],$arr['mid']); $r = q("select * from channel where channel_hash = '%s' limit 1", dbesc($d['hash']) @@ -2257,7 +2257,7 @@ function process_mail_delivery($sender, $arr, $deliveries) { foreach($deliveries as $d) { - $DR = new Zotlabs\Zot\DReport(z_root(),$sender['hash'],$d['hash'],$arr['mid']); + $DR = new Zotlabs\Lib\DReport(z_root(),$sender['hash'],$d['hash'],$arr['mid']); $r = q("select * from channel where channel_hash = '%s' limit 1", dbesc($d['hash']) @@ -3898,11 +3898,11 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) { // we should probably do this for all items, but usually we only send one. if(array_key_exists('item',$arr) && is_array($arr['item'][0])) { - $DR = new Zotlabs\Zot\DReport(z_root(),$d['hash'],$d['hash'],$arr['item'][0]['message_id'],'channel sync processed'); + $DR = new Zotlabs\Lib\DReport(z_root(),$d['hash'],$d['hash'],$arr['item'][0]['message_id'],'channel sync processed'); $DR->addto_recipient($channel['channel_name'] . ' <' . channel_reddress($channel) . '>'); } else - $DR = new Zotlabs\Zot\DReport(z_root(),$d['hash'],$d['hash'],'sync packet','channel sync delivered'); + $DR = new Zotlabs\Lib\DReport(z_root(),$d['hash'],$d['hash'],'sync packet','channel sync delivered'); $result[] = $DR->get(); } -- cgit v1.2.3 From bdcee4fc30d3be9c8e986a75f3f05ce2cddca1fd Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Thu, 22 Feb 2018 10:10:46 +0100 Subject: query for what we need instead of what we do not need --- include/items.php | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) (limited to 'include') diff --git a/include/items.php b/include/items.php index 68fa4c3b2..5a98fbbd4 100755 --- a/include/items.php +++ b/include/items.php @@ -4003,18 +4003,24 @@ function zot_feed($uid, $observer_hash, $arr) { $item_normal = item_normal(); if(is_sys_channel($uid)) { - $r = q("SELECT parent, created, postopts from item - WHERE uid != %d - $item_normal + + $nonsys_uids = q("SELECT channel_id FROM channel WHERE channel_system = 0"); + $nonsys_uids_str = ids_to_querystr($nonsys_uids,'channel_id'); + + $r = q("SELECT parent, postopts FROM item + WHERE uid IN ( %s ) AND item_wall = 1 - and item_private = 0 $sql_extra ORDER BY created ASC $limit", - intval($uid) + AND item_private = 0 + $item_normal + $sql_extra ORDER BY created ASC $limit", + intval($nonsys_uids_str) ); } else { - $r = q("SELECT parent, created, postopts from item - WHERE uid = %d $item_normal + $r = q("SELECT parent, postopts FROM item + WHERE uid = %d AND item_wall = 1 + $item_normal $sql_extra ORDER BY created ASC $limit", intval($uid) ); -- cgit v1.2.3 From 048a636315671b7e9aaf9152273d101994e37c43 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Fri, 23 Feb 2018 12:44:07 -0800 Subject: Usability and member experience: remove street address info from the default basic profile fields, mention that the site banner can be full HTML, mention on the techlevel setting that this also controls what additional features may be visible. --- include/channel.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/channel.php b/include/channel.php index 625ce16c8..d1d41d378 100644 --- a/include/channel.php +++ b/include/channel.php @@ -1897,7 +1897,7 @@ function get_profile_fields_basic($filter = 0) { $profile_fields_basic = (($filter == 0) ? get_config('system','profile_fields_basic') : null); if(! $profile_fields_basic) - $profile_fields_basic = array('fullname','pdesc','chandesc','comms','gender','dob','dob_tz','address','locality','region','postal_code','country_name','marital','sexual','homepage','hometown','keywords','about','contact'); + $profile_fields_basic = array('fullname','pdesc','chandesc','comms','gender','dob','dob_tz','region','country_name','marital','sexual','homepage','hometown','keywords','about','contact'); $x = array(); if($profile_fields_basic) @@ -1912,7 +1912,7 @@ function get_profile_fields_advanced($filter = 0) { $basic = get_profile_fields_basic($filter); $profile_fields_advanced = (($filter == 0) ? get_config('system','profile_fields_advanced') : null); if(! $profile_fields_advanced) - $profile_fields_advanced = array('partner','howlong','politic','religion','likes','dislikes','interest','channels','music','book','film','tv','romance','employment','education'); + $profile_fields_advanced = array('address','locality','postal_code','partner','howlong','politic','religion','likes','dislikes','interest','channels','music','book','film','tv','romance','employment','education'); $x = array(); if($basic) -- cgit v1.2.3 From 3dd64e7916872d21122c8184abb80eaa5a79a3fc Mon Sep 17 00:00:00 2001 From: zotlabs Date: Fri, 23 Feb 2018 13:21:49 -0800 Subject: usability: click your own profile photo to change it instead of hunting it down in the profile edit navmenu. We still need work on the 'or use a photo from your albums' to use something like the photo selection widget in the post editor as you otherwise have to track down the 'use as profile photo' entry in the photo detail navmenu instead of just clicking an image. --- include/channel.php | 1 + 1 file changed, 1 insertion(+) (limited to 'include') diff --git a/include/channel.php b/include/channel.php index d1d41d378..a8ddfa978 100644 --- a/include/channel.php +++ b/include/channel.php @@ -1449,6 +1449,7 @@ function profile_sidebar($profile, $block = 0, $show_connect = true, $zcard = fa '$reddress' => $reddress, '$rating' => '', '$contact_block' => $contact_block, + '$change_photo' => t('Change your profile photo'), '$editmenu' => profile_edit_menu($profile['uid']) )); -- cgit v1.2.3 From c618bfc607498998916f01fd9c6985c2ecd47356 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Sat, 24 Feb 2018 19:42:39 +0100 Subject: mark connections where we do not have post_comments permissions with an no entry sign. --- include/text.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/text.php b/include/text.php index 35a367d43..6014f7437 100644 --- a/include/text.php +++ b/include/text.php @@ -979,7 +979,7 @@ function contact_block() { // than wishful thinking; even though soapbox channels and feeds will disable it. if(! intval(get_abconfig(App::$profile['uid'],$rr['xchan_hash'],'their_perms','post_comments'))) { - $rr['archived'] = true; + $rr['oneway'] = true; } $micropro[] = micropro($rr,true,'mpfriend'); } @@ -1033,6 +1033,7 @@ function micropro($contact, $redirect = false, $class = '', $textmode = false) { return replace_macros(get_markup_template(($textmode)?'micropro_txt.tpl':'micropro_img.tpl'),array( '$click' => (($contact['click']) ? $contact['click'] : ''), '$class' => $class . (($contact['archived']) ? ' archived' : ''), + '$oneway' => (($contact['oneway']) ? true : false), '$url' => $url, '$photo' => $contact['xchan_photo_s'], '$name' => $contact['xchan_name'], -- cgit v1.2.3 From d406e2aae20f20a7df6fc77d9317323de043c0f6 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sat, 24 Feb 2018 14:38:28 -0800 Subject: siteinfo.json - if hide_in_statistics is set only include the total channels count and no other statistical info --- include/network.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'include') diff --git a/include/network.php b/include/network.php index 0824183f7..f8cb68613 100644 --- a/include/network.php +++ b/include/network.php @@ -1617,13 +1617,16 @@ function get_site_info() { 'lastpoll' => get_config('system','lastpoll'), 'info' => (($site_info) ? $site_info : ''), 'channels_total' => $channels_total_stat, - 'channels_active_halfyear' => $channels_active_halfyear_stat, - 'channels_active_monthly' => $channels_active_monthly_stat, - 'local_posts' => $local_posts_stat, - 'local_comments' => $local_comments_stat, 'hide_in_statistics' => $hide_in_statistics ]; + if(! $hide_in_statistics) { + $data['channels_active_halfyear'] = $channels_active_halfyear_stat; + $data['channels_active_monthly'] = $channels_active_monthly_stat; + $data['local_posts'] = $local_posts_stat; + $data['local_comments'] = $local_comments_stat; + } + return $data; } -- cgit v1.2.3 From f83b7c2d52ba122d9695c68fdbfaf0ed12e55ebc Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 26 Feb 2018 15:46:29 -0800 Subject: issues with delivery of edited posts to forums --- include/items.php | 12 +++++++++++- include/text.php | 12 ++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/items.php b/include/items.php index 5a98fbbd4..790b91c88 100755 --- a/include/items.php +++ b/include/items.php @@ -2464,7 +2464,7 @@ function tag_deliver($uid, $item_id) { // this is an update (edit) to a post which was already processed by us and has a second delivery chain // Just start the second delivery chain to deliver the updated post // after resetting ownership and permission bits - + logger('updating edited tag_deliver post for ' . $u[0]['channel_address']); start_delivery_chain($u[0], $item, $item_id, 0); return; } @@ -2767,6 +2767,16 @@ function tgroup_check($uid, $item) { return false; } + + // see if we already have this item. Maybe it is being updated. + + $r = q("select id from item where mid = '%s' and uid = %d limit 1", + dbesc($item['mid']), + intval($uid) + ); + if($r) + return true; + if(! perm_is_allowed($uid,$item['author_xchan'],'tag_deliver')) return false; diff --git a/include/text.php b/include/text.php index 35a367d43..98d6947a4 100644 --- a/include/text.php +++ b/include/text.php @@ -2018,15 +2018,27 @@ function item_post_type($item) { return $post_type; } +// This needs to be fixed to use quoted tag strings function undo_post_tagging($s) { + $matches = null; + // undo tags and mentions $cnt = preg_match_all('/([@#])(\!*)\[zrl=(.*?)\](.*?)\[\/zrl\]/ism',$s,$matches,PREG_SET_ORDER); if($cnt) { foreach($matches as $mtch) { $s = str_replace($mtch[0], $mtch[1] . $mtch[2] . str_replace(' ','_',$mtch[4]),$s); } } + // undo forum tags + $cnt = preg_match_all('/\!\[zrl=(.*?)\](.*?)\[\/zrl\]/ism',$s,$matches,PREG_SET_ORDER); + if($cnt) { + foreach($matches as $mtch) { + $s = str_replace($mtch[0], '!' . str_replace(' ','_',$mtch[2]),$s); + } + } + + return $s; } -- cgit v1.2.3 From 5277e79fa2dcac5ddd5e4577fb1719fe57ee3829 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 26 Feb 2018 20:30:36 -0800 Subject: change undo_post_tagging() to emit quoted tags rather than using underscore replacement if they contain spaces. --- include/text.php | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/text.php b/include/text.php index d4cfecd75..c82fad517 100644 --- a/include/text.php +++ b/include/text.php @@ -2028,14 +2028,14 @@ function undo_post_tagging($s) { $cnt = preg_match_all('/([@#])(\!*)\[zrl=(.*?)\](.*?)\[\/zrl\]/ism',$s,$matches,PREG_SET_ORDER); if($cnt) { foreach($matches as $mtch) { - $s = str_replace($mtch[0], $mtch[1] . $mtch[2] . str_replace(' ','_',$mtch[4]),$s); + $s = str_replace($mtch[0], $mtch[1] . $mtch[2] . quote_tag($mtch[4]),$s); } } // undo forum tags $cnt = preg_match_all('/\!\[zrl=(.*?)\](.*?)\[\/zrl\]/ism',$s,$matches,PREG_SET_ORDER); if($cnt) { foreach($matches as $mtch) { - $s = str_replace($mtch[0], '!' . str_replace(' ','_',$mtch[2]),$s); + $s = str_replace($mtch[0], '!' . quote_tag($mtch[2]),$s); } } @@ -2043,6 +2043,13 @@ function undo_post_tagging($s) { return $s; } +function quote_tag($s) { + if(strpos($s,' ') !== false) + return '"' . $s . '"'; + return $s; +} + + function fix_mce_lf($s) { $s = str_replace("\r\n","\n",$s); // $s = str_replace("\n\n","\n",$s); -- cgit v1.2.3 From f34e6d897766ab93a0c0dede9d89f5536c4f60e9 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 27 Feb 2018 19:15:12 -0800 Subject: move oauth_client management and guest access tokens to features rather than auto-enabling at various feature levels. This involves string changes and should *not* go into 3.2RC. --- include/features.php | 59 ++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 43 insertions(+), 16 deletions(-) (limited to 'include') diff --git a/include/features.php b/include/features.php index 839faff67..be4017776 100644 --- a/include/features.php +++ b/include/features.php @@ -54,14 +54,6 @@ function get_features($filtered = true) { t('General Features'), - [ - 'multi_profiles', - t('Multiple Profiles'), - t('Ability to create multiple profiles'), - false, - get_config('feature_lock','multi_profiles'), - feature_level('multi_profiles',3), - ], [ 'advanced_profiles', @@ -163,14 +155,6 @@ function get_features($filtered = true) { feature_level('ajaxchat',1), ], - [ - 'permcats', - t('Permission Groups'), - t('Provide alternate connection permission roles.'), - false, - get_config('feature_lock','permcats'), - feature_level('permcats',2), - ], [ 'smart_birthdays', @@ -219,6 +203,49 @@ function get_features($filtered = true) { ], ], + + 'access_control' => [ + t('Access Control and Permissions'), + + [ + 'multi_profiles', + t('Multiple Profiles'), + t('Ability to create multiple profiles'), + false, + get_config('feature_lock','multi_profiles'), + feature_level('multi_profiles',3), + ], + + + [ + 'permcats', + t('Permission Groups'), + t('Provide alternate connection permission roles.'), + false, + get_config('feature_lock','permcats'), + feature_level('permcats',2), + ], + + [ + 'oauth_clients', + t('OAuth Clients'), + t('Manage authenticatication tokens for mobile and remote apps.'), + false, + get_config('feature_lock','oauth_clients'), + feature_level('oauth_clients',1), + ], + + [ + 'access_tokens', + t('Access Tokens'), + t('Create access tokens so that non-members can access private content.'), + false, + get_config('feature_lock','access_tokens'), + feature_level('access_tokens',2), + ], + + ], + // Post composition 'composition' => [ -- cgit v1.2.3 From 14183b8fb548b6525d6ce98b52ce5ec7f2580f2e Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 27 Feb 2018 19:18:53 -0800 Subject: move privacy groups to the newly created Access Control and Permissions tab. Not for 3.2 as it requires string changes from the prior checkin. --- include/features.php | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) (limited to 'include') diff --git a/include/features.php b/include/features.php index be4017776..993266977 100644 --- a/include/features.php +++ b/include/features.php @@ -207,6 +207,15 @@ function get_features($filtered = true) { 'access_control' => [ t('Access Control and Permissions'), + [ + 'groups', + t('Privacy Groups'), + t('Enable management and selection of privacy groups'), + true, + get_config('feature_lock','groups'), + feature_level('groups',0), + ], + [ 'multi_profiles', t('Multiple Profiles'), @@ -339,14 +348,6 @@ function get_features($filtered = true) { feature_level('archives',1), ], - [ - 'groups', - t('Privacy Groups'), - t('Enable management and selection of privacy groups'), - true, - get_config('feature_lock','groups'), - feature_level('groups',0), - ], [ 'savedsearch', -- cgit v1.2.3 From 01015bc0d54343831189ce1b09a69b70a6371fd5 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 28 Feb 2018 21:15:26 -0800 Subject: several email validation issues --- include/account.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/account.php b/include/account.php index 3ac485974..40cf281c3 100644 --- a/include/account.php +++ b/include/account.php @@ -530,7 +530,7 @@ function account_deny($hash) { function account_approve($hash) { - $ret = array('success' => false); + $ret = false; // Note: when the password in the register table is 'verify', the uid actually contains the account_id -- cgit v1.2.3 From 6210b7727f6c8542daaa62d1ed7f9ec1f74323f2 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 28 Feb 2018 21:39:52 -0800 Subject: profile edit: empty dob is set to the date of the first profile save unless you clear it first --- include/datetime.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/datetime.php b/include/datetime.php index 1e9a1fa51..766c90d16 100644 --- a/include/datetime.php +++ b/include/datetime.php @@ -125,7 +125,7 @@ function datetime_convert($from = 'UTC', $to = 'UTC', $s = 'now', $fmt = "Y-m-d */ function dob($dob) { - if ($dob === '0000-00-00') + if ($dob === '0000-00-00' || $dob === '') $value = ''; else $value = (($year) ? datetime_convert('UTC','UTC',$dob,'Y-m-d') : datetime_convert('UTC','UTC',$dob,'m-d')); -- cgit v1.2.3 From b60098ec68e76cad9ebebdc83bb9c23766be9c52 Mon Sep 17 00:00:00 2001 From: Klaus Weidenbach Date: Thu, 1 Mar 2018 11:29:15 +0100 Subject: Update composer autoload cache. --- include/zot.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index 0cfc370a2..25e30ccbc 100644 --- a/include/zot.php +++ b/include/zot.php @@ -171,6 +171,8 @@ function zot_build_packet($channel, $type = 'notify', $recipients = null, $remot * packet type: one of 'ping', 'pickup', 'purge', 'refresh', 'keychange', 'force_refresh', 'notify', 'auth_check' * @param array $recipients * envelope information, array ( 'guid' => string, 'guid_sig' => string ); empty for public posts + * @param string msg + * optional message * @param string $remote_key * optional public site key of target hub used to encrypt entire packet * NOTE: remote_key and encrypted packets are required for 'auth_check' packets, optional for all others @@ -299,7 +301,7 @@ function zot_zot($url, $data, $channel = null,$crypto = null) { if($channel) { $headers['X-Zot-Token'] = random_string(); $hash = \Zotlabs\Web\HTTPSig::generate_digest($data,false); - $headers['X-Zot-Digest'] = 'SHA-256=' . $hash; + $headers['X-Zot-Digest'] = 'SHA-256=' . $hash; $h = \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'],'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false,false,'sha512',(($crypto) ? $crypto['hubloc_sitekey'] : ''), (($crypto) ? zot_best_algorithm($crypto['site_crypto']) : '')); } @@ -393,7 +395,7 @@ function zot_refresh($them, $channel = null, $force = false) { if($s && intval($s[0]['site_dead']) && (! $force)) { logger('zot_refresh: site ' . $url . ' is marked dead and force flag is not set. Cancelling operation.'); return false; - } + } $token = random_string(); @@ -1156,7 +1158,7 @@ function zot_process_response($hub, $arr, $outq) { * and also that the signer and the sender match. * If that happens, we do not need to fetch/pickup the message - we have it already and it is verified. * Translate it into the form we need for zot_import() and import it. - * + * * Otherwise send back a pickup message, using our message tracking ID ($arr['secret']), which we will sign with our site * private key. * The entire pickup message is encrypted with the remote site's public key. @@ -5090,7 +5092,7 @@ function zot_reply_refresh($sender, $recipients) { function zot6_check_sig() { $ret = [ 'success' => false ]; - + logger('server: ' . print_r($_SERVER,true), LOGGER_DATA); if(array_key_exists('HTTP_SIGNATURE',$_SERVER)) { -- cgit v1.2.3 From dcfe9bc64f822af02021767bf8c70fbe9d847bda Mon Sep 17 00:00:00 2001 From: zotlabs Date: Fri, 2 Mar 2018 01:01:30 -0800 Subject: background work for caldav integration continued, modify mod_follow to allow it to be called from ajax without redirecting. --- include/event.php | 22 ++++++++++++++++++++++ include/follow.php | 15 ++++++++++++--- 2 files changed, 34 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/event.php b/include/event.php index 1077a3c64..84a16e8be 100644 --- a/include/event.php +++ b/include/event.php @@ -1322,3 +1322,25 @@ function translate_type($type) { return [$type, t('Other') . ' (' . $type . ')']; } } + + +function cal_store_lowlevel($arr) { + + $store = [ + 'cal_aid' => ((array_key_exists('cal_aid',$arr)) ? $arr['cal_aid'] : 0), + 'cal_uid' => ((array_key_exists('cal_uid',$arr)) ? $arr['cal_uid'] : 0), + 'cal_hash' => ((array_key_exists('cal_hash',$arr)) ? $arr['cal_hash'] : ''), + 'cal_name' => ((array_key_exists('cal_name',$arr)) ? $arr['cal_name'] : ''), + 'uri' => ((array_key_exists('uri',$arr)) ? $arr['uri'] : ''), + 'logname' => ((array_key_exists('logname',$arr)) ? $arr['logname'] : ''), + 'pass' => ((array_key_exists('pass',$arr)) ? $arr['pass'] : ''), + 'ctag' => ((array_key_exists('ctag',$arr)) ? $arr['ctag'] : ''), + 'synctoken' => ((array_key_exists('synctoken',$arr)) ? $arr['synctoken'] : ''), + 'cal_types' => ((array_key_exists('cal_types',$arr)) ? $arr['cal_types'] : ''), + ]; + + return create_table_from_array('cal', $store); + +} + + diff --git a/include/follow.php b/include/follow.php index 0843802c5..a63fe66ea 100644 --- a/include/follow.php +++ b/include/follow.php @@ -88,9 +88,18 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false) // Premium channel, set confirm before callback to avoid recursion - if(array_key_exists('connect_url',$j) && ($interactive) && (! $confirm)) - goaway(zid($j['connect_url'])); - + if(array_key_exists('connect_url',$j) && (! $confirm)) { + if($interactive) { + goaway(zid($j['connect_url'])); + } + else { + $result['message'] = t('Premium channel - please visit:') . ' ' . zid($j['connect_url']); + logger('mod_follow: ' . $result['message']); + return $result; + } + } + + // do we have an xchan and hubloc? // If not, create them. -- cgit v1.2.3 From b38ce967f36e0dc5a503fbca9477732cd8967ea6 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Fri, 2 Mar 2018 12:41:50 -0800 Subject: sort settings/featured --- include/text.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'include') diff --git a/include/text.php b/include/text.php index c82fad517..6675043e6 100644 --- a/include/text.php +++ b/include/text.php @@ -3311,4 +3311,10 @@ function purify_filename($s) { return $s; } +// callback for sorting the settings/featured entries. +function featured_sort($a,$b) { + $s1 = substr($a,strpos($a,'id='),20); + $s2 = substr($b,strpos($b,'id='),20); + return(strcmp($s1,$s2)); +} -- cgit v1.2.3 From df038055799d839aebab4e1a8b43fba81192c186 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Fri, 2 Mar 2018 13:15:28 -0800 Subject: process follow from article menu in the background, do not reload page - hubzilla issue #987 --- include/conversation.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/conversation.php b/include/conversation.php index 0bb9c769a..6374267eb 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -1005,7 +1005,7 @@ function thread_author_menu($item, $mode = '') { $contact = App::$contacts[$item['author_xchan']]; else if($local_channel && $item['author']['xchan_addr']) - $follow_url = z_root() . '/follow/?f=&url=' . urlencode($item['author']['xchan_addr']); + $follow_url = z_root() . '/follow/?f=&url=' . urlencode($item['author']['xchan_addr']) . '&interactive=0'; if($item['uid'] > 0 && author_is_pmable($item['author'],$contact)) { @@ -1051,8 +1051,8 @@ function thread_author_menu($item, $mode = '') { 'menu' => 'follow', 'title' => t('Connect'), 'icon' => 'fw', - 'action' => '', - 'href' => $follow_url + 'action' => 'doFollowAuthor(\'' . $follow_url . '\'); return false;', + 'href' => '#', ]; } -- cgit v1.2.3 From c3920116f2fbf994f63b8bf9d190b16699cb93c0 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sat, 3 Mar 2018 13:52:55 -0800 Subject: more work on federated polls --- include/bbcode.php | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'include') diff --git a/include/bbcode.php b/include/bbcode.php index 03a46444b..b33766757 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -668,6 +668,31 @@ function bb_fixtable_lf($match) { } +function bbtopoll($s) { + + $pl = []; + + $match = ''; + if(! preg_match("/\[poll=(.*?)\](.*?)\[\/poll\]/ism",$s,$match)) { + return null; + } + $pl['poll_id'] = $match[1]; + $pl['poll_question'] = $match[2]; + + $match = ''; + if(preg_match_all("/\[poll\-answer=(.*?)\](.*?)\[\/poll\-answer\]/is",$s,$match,PREG_SET_ORDER)) { + $pl['answer'] = []; + foreach($match as $m) { + $ans = [ 'answer_id' => $m[1], 'answer_text' => $m[2] ]; + $pl['answer'][] = $ans; + } + } + + return $pl; + +} + + function parseIdentityAwareHTML($Text) { // Hide all [noparse] contained bbtags by spacefying them @@ -766,6 +791,11 @@ function bbcode($Text, $options = []) { $ev = bbtoevent($Text); + // and the same with polls + + $pl = bbtopoll($Text); + + // process [observer] tags before we do anything else because we might // be stripping away stuff that then doesn't need to be worked on anymore -- cgit v1.2.3 From 14f701f7fc20104520a3837c6e6c359dfa0161f7 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 4 Mar 2018 14:30:09 -0800 Subject: restrict mail messages to max_import_size --- include/items.php | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'include') diff --git a/include/items.php b/include/items.php index 790b91c88..50f663836 100755 --- a/include/items.php +++ b/include/items.php @@ -1412,6 +1412,13 @@ function get_mail_elements($x) { } else { $arr['body'] = (($x['body']) ? htmlspecialchars($x['body'], ENT_COMPAT,'UTF-8',false) : ''); + + $maxlen = get_max_import_size(); + + if($maxlen && mb_strlen($arr['body']) > $maxlen) { + $arr['body'] = mb_substr($arr['body'],0,$maxlen,'UTF-8'); + logger('message length exceeds max_import_size: truncated'); + } } $arr['title'] = (($x['title'])? htmlspecialchars($x['title'],ENT_COMPAT,'UTF-8',false) : ''); -- cgit v1.2.3 From be6619d9c06a31fa211c6200aad377d94c1fd0b5 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 4 Mar 2018 15:29:10 -0800 Subject: bugfix: unable to reset profile fields to defaults in admin/profs by emptying the textarea --- include/channel.php | 1 + 1 file changed, 1 insertion(+) (limited to 'include') diff --git a/include/channel.php b/include/channel.php index a8ddfa978..204c1e64f 100644 --- a/include/channel.php +++ b/include/channel.php @@ -1897,6 +1897,7 @@ function is_public_profile() { function get_profile_fields_basic($filter = 0) { $profile_fields_basic = (($filter == 0) ? get_config('system','profile_fields_basic') : null); + if(! $profile_fields_basic) $profile_fields_basic = array('fullname','pdesc','chandesc','comms','gender','dob','dob_tz','region','country_name','marital','sexual','homepage','hometown','keywords','about','contact'); -- cgit v1.2.3 From 59a2057fa0faac2db7b36a5d6c40435c6e13d378 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 4 Mar 2018 17:36:52 -0800 Subject: fix some issues with friend suggestions on standalone sites with no 'suggestme' volunteers. This wrongly pulled up a site directory suggesting everybody on the site. While a better outcome than finding nobody, this does not fit with our ethical design goals. If there are no friends of friends, we will only suggest those who volunteer to be on the default suggestion list. Also do not attempt to load poco data from dead sites. --- include/channel.php | 3 +-- include/socgraph.php | 13 ++++++++----- 2 files changed, 9 insertions(+), 7 deletions(-) (limited to 'include') diff --git a/include/channel.php b/include/channel.php index 204c1e64f..a754d3504 100644 --- a/include/channel.php +++ b/include/channel.php @@ -1126,8 +1126,7 @@ function channel_export_items($channel_id, $start, $finish) { /** * @brief Loads a profile into the App structure. * - * The function requires a writeable copy of the main App structure, and the - * nickname of a valid channel. + * The function requires the nickname of a valid channel. * * Permissions of the current observer are checked. If a restricted profile is available * to the current observer, that will be loaded instead of the channel default profile. diff --git a/include/socgraph.php b/include/socgraph.php index 87a880202..6cddbbaac 100644 --- a/include/socgraph.php +++ b/include/socgraph.php @@ -52,7 +52,7 @@ function poco_load($xchan = '', $url = null) { elseif($s['return_code'] == 404) logger('poco_load: nothing found'); else - logger('poco_load: returns ' . print_r($s,true)); + logger('poco_load: returns ' . print_r($s,true), LOGGER_DATA); return; } @@ -288,11 +288,14 @@ function suggestion_query($uid, $myxchan, $start = 0, $limit = 80) { function update_suggestions() { - $dirmode = get_config('system', 'directory_mode'); - if($dirmode === false) - $dirmode = DIRECTORY_MODE_NORMAL; + $dirmode = get_config('system', 'directory_mode', DIRECTORY_MODE_NORMAL); - if(($dirmode == DIRECTORY_MODE_PRIMARY) || ($dirmode == DIRECTORY_MODE_STANDALONE)) { + if($dirmode == DIRECTORY_MODE_STANDALONE) { + poco_load('', z_root() . '/poco'); + return; + } + + if($dirmode == DIRECTORY_MODE_PRIMARY) { $url = z_root() . '/sitelist'; } else { -- cgit v1.2.3 From 0a876e1518e83636f65b35394076745254db019d Mon Sep 17 00:00:00 2001 From: zotlabs Date: Tue, 6 Mar 2018 11:39:49 -0800 Subject: don't add pending connections to the default privacy group until accepted --- include/zot.php | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) (limited to 'include') diff --git a/include/zot.php b/include/zot.php index 25e30ccbc..c11cace2a 100644 --- a/include/zot.php +++ b/include/zot.php @@ -589,13 +589,16 @@ function zot_refresh($them, $channel = null, $force = false) { // If there is a default group for this channel, add this connection to it - - $default_group = $channel['channel_default_group']; - if($default_group) { - require_once('include/group.php'); - $g = group_rec_byhash($channel['channel_id'],$default_group); - if($g) - group_add_member($channel['channel_id'],'',$x['hash'],$g['id']); + // for pending connections this will happens at acceptance time. + + if(! intval($new_connection[0]['abook_pending'])) { + $default_group = $channel['channel_default_group']; + if($default_group) { + require_once('include/group.php'); + $g = group_rec_byhash($channel['channel_id'],$default_group); + if($g) + group_add_member($channel['channel_id'],'',$x['hash'],$g['id']); + } } unset($new_connection[0]['abook_id']); -- cgit v1.2.3 From 34399b8b47d9a85eb3c4095392ab994792257d88 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 12 Mar 2018 15:47:33 -0700 Subject: obscure permission issue with custom permissions when using the highly discouraged advisory privacy modes --- include/items.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'include') diff --git a/include/items.php b/include/items.php index 50f663836..7faa1b9ec 100755 --- a/include/items.php +++ b/include/items.php @@ -969,6 +969,10 @@ function import_author_unknown($x) { return false; } +function empty_acl($item) { + return (($item['allow_cid'] === EMPTY_STR && $item['allow_gid'] === EMPTY_STR && $item['deny_cid'] === EMPTY_STR && $item['deny_gid'] === EMPTY_STR) ? true : false); +} + function encode_item($item,$mirror = false) { $x = array(); $x['type'] = 'activity'; -- cgit v1.2.3 From ab1d47b36f21e5881900d9d805f4f7876f1c472f Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 12 Mar 2018 20:54:55 -0700 Subject: unicode/emoji usernames. Warning: experimental feature, unstable, untested, disabled by default, use at your own risk, may not federate to other platforms and protocols. May not clone correctly. Bug reports which neglect to include detailed roubleshooting information and patches/pull requests will be ignored. --- include/channel.php | 4 ++-- include/text.php | 16 ++++++++++++++++ 2 files changed, 18 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/channel.php b/include/channel.php index a754d3504..c94f5c657 100644 --- a/include/channel.php +++ b/include/channel.php @@ -1234,7 +1234,7 @@ function profile_load($nickname, $profile = '') { ); if($z) { $p[0]['picdate'] = $z[0]['xchan_photo_date']; - $p[0]['reddress'] = str_replace('@','@',$z[0]['xchan_addr']); + $p[0]['reddress'] = str_replace('@','@',unpunify($z[0]['xchan_addr'])); } // fetch user tags if this isn't the default profile @@ -1255,7 +1255,7 @@ function profile_load($nickname, $profile = '') { App::$profile = $p[0]; App::$profile_uid = $p[0]['profile_uid']; - App::$page['title'] = App::$profile['channel_name'] . " - " . channel_reddress(App::$profile); + App::$page['title'] = App::$profile['channel_name'] . " - " . unpunify(channel_reddress(App::$profile)); App::$profile['permission_to_view'] = $can_view_profile; diff --git a/include/text.php b/include/text.php index 6675043e6..c1e064857 100644 --- a/include/text.php +++ b/include/text.php @@ -3318,3 +3318,19 @@ function featured_sort($a,$b) { $s2 = substr($b,strpos($b,'id='),20); return(strcmp($s1,$s2)); } + + +function punify($s) { + require_once('vendor/simplepie/simplepie/idn/idna_convert.class.php'); + $x = new idna_convert(['encoding' => 'utf8']); + return $x->encode($s); + +} + +function unpunify($s) { + require_once('vendor/simplepie/simplepie/idn/idna_convert.class.php'); + $x = new idna_convert(['encoding' => 'utf8']); + return $x->decode($s); + +} + -- cgit v1.2.3